- Virus is 32bit with a compressed file size of 28,160
bytes, and is a minor variant of W32/Scold.A-mm
- Virus is introduced to a target system via an email
attachment from another infected user
- If the virus is run, it may copy itself to the
undefinedWindowsundefined folder as "warm.scr" and modify
the registry to auto run this virus at next Windows
ExeName32 = C:\WINNT\warm.scr
The virus will create an email message for each contact listed in the Windows address book - the email message may be slightly varied with the following properties -
Subject: undefinedxundefined When It´s Cold Outside She Gives Me Warm Inside undefinedrandom
You will love this cute picture.
Enjoy this great picture.
Don't miss this cool picture.
============= Free Online Virus Scan =============
100undefined VIRUS FREE
No viruses or suspicious files were found in the attached file.
In the example above, undefinedxundefined is either "", "Fw:" or "Re:", and undefinedrandomundefined is random letters
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
- Enable blocking of .SCR file attachments using FortiGate
manager interface for POP3, SMTP and IMAP email services
- Add the following words to the Email quarantine
feature of FortiGate -
Configure email server applications to quarantine emails tagged by FortiGate and delete as necessary